---
title: Introduction
course: intro_pentest
section: "Maintaining Access with Backdoors and Rootkits"
layout: lesson
---

Maintaining access to a remote system is a questionable activity that needs to
be discussed and clearly explained to the client. Many companies are interested
in having a penetration test performed but are leery of allowing the penetration
testing company to make use of backdoors. Most people are afraid that these
backdoors will be discovered and exploited by an unauthorized third party.
Imagine that you are the CEO of a company. How well would you sleep knowing that
you may have an open, backdoor channel into your network? Remember, the client
sets both the scope and the authorization of the penetration test. You’ll need
to take the time to fully cover and discuss this step before proceeding.

Still, on occasion you may be asked to conduct a penetration test that does
require the use of a backdoor. Whether the reason is to provide a
proof-of-concept, or simply to create a realistic scenario where the attacker
can return to the target, it’s important to cover the basics in this step.

In the simplest sense, a backdoor is a piece of software that resides on the
target computer and allows the attacker to return (connect) to the machine at
any time. In most cases, the backdoor is a hidden process that runs on the
target machine and allows a normally unauthorized user to control the PC.

It is also important to understand that many exploits are fleeting. They work
and provide access only as long as the program that was exploited remains
running. In many cases, if the target machine reboots or the exploited process
is stopped, the shell will be lost. As a result of this, one of the first tasks
to complete upon gaining access to a system is to migrate your shell to a more
permanent home. This is often done through the use of backdoors.

Later in the chapter, we’ll discuss rootkits. A rootkit is a special kind of
software that embeds itself deep into the operating system and performs a
number of tasks, including giving a hacker the ability to completely hide
processes and programs.
